What is a cryptosystem?
A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely. The term cryptosystem is shorthand for "cryptographic system" and refers to a computer system that employs cryptography, a method of protecting information and communications with codes so only those for whom the information is intended can read and process it.
To keep data secure, cryptosystems incorporate the algorithms for key generation, encryption and decryption techniques. At the heart of cryptographic operations is a cryptographic key, a string of bits used by a cryptographic algorithm to transform plaintext into ciphertext or the reverse. The key is part of the variable data provided as input to a cryptographic algorithm to execute this sort of operation. The cryptographic scheme's security depends on the security of the keys used.
Cryptosystems are used for sending messages in a secure manner over the internet, such as credit card information and other private data. In another application of cryptography, a system for secure email might include methods for digital signatures, cryptographic hash functions and key management techniques.
Components of a cryptosystem
A basic cryptosystem includes the following:
- Plaintext. Unencrypted information that needs protection.
- Ciphertext. The encrypted, or unreadable, version of the plaintext information.
- Encryption algorithm. The mathematical algorithm that takes plaintext as the input and encrypts to ciphertext. It also produces the unique encryption key for that text.
- Decryption algorithm. The mathematical algorithm that takes ciphertext as the input and decodes it into plaintext. It also uses the unique decryption key for that text.
- Encryption key. The value known to the sender that is used to compute the ciphertext for the given plaintext.
- Decryption key. The value known to the receiver that is used to decode the given ciphertext into plaintext.
Types of cryptosystems
Cryptosystems are categorized by the method they use to encrypt data, either symmetrically or asymmetrically.
- Symmetric key encryption. The cryptosystem uses the same key for both encryption and decryption. In this method, keys are shared with both parties prior to transmission and are changed regularly to prevent any system attacks.
- Asymmetric key encryption. The cryptosystem uses different keys for encryption and decryption. The keys are mathematically related, however. In this method, each party has its own pair of keys that is exchanged during transmission.
Cryptosystem attack examples
Modern cryptography has become highly complex, and because encryption is used to keep data secure, cryptographic systems are an attractive target for attackers. What is considered strong encryption today will likely not be sufficient a few years from now due to advances in CPU technologies and new attack techniques. Organizations should start preparing now to tackle future cryptographic challenges.
Common types of cryptographic attacks include the following:
- Brute-force attacks. These attempt every possible combination for a key or password. Increasing key length boosts the time to perform a brute-force attack because the number of potential keys rises.
- Replay attacks. The malicious individual intercepts an encrypted message between two parties, such as a request for authentication, and later "replays" the captured message to open a new session. Incorporating a time stamp and expiration period into each message can help eliminate this type of attack.
- Man-in-the-middle attacks. A malicious individual sits between two communicating parties and intercepts communications, including the setup of the cryptographic session. The attacker responds to the originator's initialization requests, sets up a secure session with the originator and then establishes a second secure session with the intended recipient using a different key and posing as the originator. The attacker has access to all traffic passing between the two parties.
- Implementation attacks. These take advantage of vulnerabilities in the implementation of a cryptosystem to exploit the software code, not just errors and flaws, but the logic implementation to work the encryption system.
- Statistical attacks. These exploit statistical weaknesses in a cryptosystem, such as floating-point errors. Another weakness that might lead to a statistical attack is the inability to produce truly random numbers. Because software-based random number generators have a limited capacity, attackers could potentially predict encryption keys. Statistical attacks are aimed at finding vulnerabilities in the hardware or OS hosting the cryptography application.
- Ciphertext-only attacks. These are one of the most difficult types of cyber attacks to perpetrate because the attacker has little information to begin with. For example, the attacker might start with some unintelligible data that they suspect may be an important encrypted message but then gather several pieces of ciphertext that can help them find trends or statistical data that would aid in an attack.
- Plaintext attacks. An attacker who has a copy of both the encrypted message and the plaintext message may be able to break weaker codes. This type of attack is aimed at finding the cryptographic key that was used to encrypt the message. Once the key is found, the attacker can then decrypt all messages encrypted using that key.